Add a profile for arch-audit

3 files changed, 42 insertions, 1 deletions

diff --git a/README.md b/README.md
index efc102ba1..c9e04ee3c 100644
--- a/README.md
+++ b/README.md
@@ -180,4 +180,4 @@ calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage,
 calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,
 imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,
 ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
-conky
+conky, arch-audit
diff --git a/arch-audit.profile b/arch-audit.profile
new file mode 100644
index 000000000..d8ed64811
--- /dev/null
+++ b/arch-audit.profile
@@ -0,0 +1,40 @@
+# Firejail profile for arch-audit
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/arch-audit.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+noblacklist /var/lib/pacman
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin arch-audit
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 95fc14d04..e4e3e4972 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ amarok
 amule
 android-studio
 apktool
+arch-audit
 ardour4
 ardour5
 arduino